Managed Cloud Services Talk Cyber Insurance and Liability
February 13, 2017
The fear of data getting stolen from the cloud is real, and some insurers are still hesitant about jumping on the cloud for this very reason. New technologies and applications have been developed over the past couple of years to ensure data is secure in the web. The hybrid cloud helps to keep client data secure within the office, and two-tier authentication helps to prevent hacking while on the go.
Hackers are good at what they do. If given enough time, they will eventually find a way into anything. So the question is, who is liable: the cloud company or the insurance firm?
The Insurance Company
There are many types of issues that stem from the loss of data. One of the key arguments here is the damage to the client. If a storm wipes out the data center and all of the data is lost, then that is really just an inconvenience, a big one, but typically there is no real damage. However, if the data is stolen by hackers and a fake ID is created, then there can be a real issue. The problem hasn’t always been a major concern but if the data is stolen from Company A, and that data is comprised of 1,000 names and social security numbers, then there is a possibility of 1,000 law suits. That is a major problem.
Some states require insurance companies to use reasonable means to store data. That is good, but that doesn’t really set a mandate when it comes to court filings. According to Woodruff, Sawyer & Co., “legal obligation rests with the company that initially accepted the data. One notable exception is companies supporting the health care industry, who are considered ‘business associates’ under HIPAA. “This means the third party is now equally responsible, but not solely at fault.
Cloud providers cannot be sued by the individuals who had their identities stolen, but the insurance company who is leasing the cloud can sue them for damages sustained from losing the data. Damages – meaning the insurance company was already sued by individual clients first. In many instances, the cloud provider will have an E&O claim, so they are not held responsible for data loss. Respectable managed service providers will have a workable contract available for use with insurance companies. In some cases, they may tack on a cyber insurance bundle for an extra fee every month.
Yes, this is a real thing. Cyber insurance is still in its budding stages. Because of all the unknowns associated with the possibility of hacking and the resulting damages, there is continued exploration into everything from realistic premium prices, who is at fault, and determining the true extent of damages. Cyber insurance is a good idea, and if possible, also make sure that your cloud provider carries their own insurance in case of data loss.
Even with existing challenges, the cloud is the safest place to store your data. The threat of a data breach has always been around, and it will continue (at least till the next wave of technology hits us). Make sure you are protected from liability with cyber insurance, and make sure your managed cloud services provider is doing their part to protect themselves as well.
Subscribe now and stay up to date with News, Tips, Events, Cybersecurity, Cloud and Data Compliance.